T 5.83 Compromising cryptographic keys

When cryptographic procedures are used, the gain in security depends to a great extent on how well the confidentiality of the secret cryptographic keys used is maintained. Once knowledge of the key and cryptographic algorithm used is obtained, it is usually easy to reverse the encryption and obtain the plain text. For this reason, a potential attacker will try to determine the key used for encryption. Possible points of attack for this purpose include the following:

• Unsuitable procedures are used to generate the key, for example the procedure for generating random numbers or for deriving the key.
• The keys are read during generation before they are stored on a secure storage medium.
• During operation, keys are exported from the cryptographic modules during technical attacks.
• The backup keys are stolen.
• An attacker spies on a person while he is entering cryptographic keys.
• The cryptographic methods used are broken. For example, when symmetric encryption methods such as DES are used, it is possible now to determine the key by trial-and-error using a massively parallel computer (brute force attack).
• An insider gives someone the cryptographic keys being used.